The world's most popular Internet search engine is also the most intrusive, according to privacy rights advocates. EU data privacy experts now want to see if Google's data storage practices are in line with EU rules.
Google co-founders Larry Page (left) and Sergey Brin
Last week, Google's Global Privacy Counsel Peter Fleischer got a message addressed directly to him. It was an open letter from the European Union's so-called Article 29 Data Protection Working Party, which advises the EU Commission on data privacy matters.
The group sent the letter to Google by "snail mail." That may be because the 28-member body does not trust the privacy practices of the Internet search giant.
"They (Google) are playing an obscure game," said Dietmar Müller, press secretary for Germany's data privacy commissioner and Article 29 Working Party chief, Peter Schaar. "There is a need for clarification, so that we can pursue this matter."
When you visit a Google search site, such as google.com or Germany's google.de, the server automatically records a plethora of information that is made readily available by most computers. The data sent to Google's servers -- most of which are located in the United States -- includes the time and date of the connection, as well as technical information about the person's browser, operating system, screen resolution and so on.
The most controversial piece of information stored on the server is the actual search query, which can, over time, paint a revealing picture of people's likes and dislikes, health problems, sexual orientation, interests and consumption patterns.
In addition, all of this information is linked directly to the computer's IP (Internet Protocol) address, a series of numbers that uniquely identifies the connecting device. And for returning visitors, Google installs a so-called cookie on their computer hard drive, which reaps further information and tracks clicks through the Google Web site.
Google has consistently defended the practice, saying it needs this information to improve its products, guard against malicious attacks, investigate Internet fraud and fight online spam.
"The key is striking a reasonable balance between these goals and that's the discussion we want to have with the Working Party," Google's Peter Fleischer said.
Planned merger hardens fears
Google plans to acquire notorious Internet marketer DoubleClick
But Google's planned 3.1 billion-dollar (2.3 billion-euro) acquisition of DoubleClick Inc., a leader in Internet marketing technologies, has only intensified concern among data privacy advocates that Google intends to exploit sensitive user data for profit.
"We are concerned that data will be exchanged with DoubleClick," said Johann Bizer, a German state-level Deputy Commissioner for Data Privacy. "It is important for Google to set the record straight on this."
Franco Frattini, the European Commissioner for Justice, Freedom and Security, has also voiced his support for the open letter.
"The letter is not only welcome, but also absolutely necessary," Bizer said. "There are deficits at Google, and they should be more transparent."
Paradoxically, Google prides itself on the same transparent philosophy that critics say it is lacking.
"We are a consumer-facing Web site in a way that DoubleClick is not," Fleischer said. He argues that this puts Google in "a better position to offer information to consumers on ad targeting and how it all works."
Fleischer cited the example of DoubleClick's "opt-out cookie," a little-known browser cookie that allows users to opt out of the company's targeted advertising, which is believed to reach 80 to 85 percent of all Internet users.
Google's acquisition of the notorious Internet marketer "is actually good for privacy," Fleischer claims, and Google "would never do anything that would undermine the trust of users."
Success prompts distrust
German Data Protection Commissioner Peter Schaar
Google operates the world's most successful online search engine. According to a recent ranking by comScore, a leading pollster of the digital world, nearly half of all Internet users conducted their online searches through Google in March.
Yahoo came in second in the poll, capturing slightly less than 30 percent of the market. Only 10 percent of users searched the Web through Microsoft sites, while the Ask and Time Warner networks scored around 5 percent each. Americans alone conducted 7.3 billion searches online in March, according to the comScore poll.
Google's role as the undisputed industry-leader may help explain why the US-based company has become the focus of European data protection experts. Although Google competitors Yahoo and Microsoft have similar practices for storing search query data, these companies have so far been spared from the crosshairs of EU data privacy officials.
That is an ironic consequence of success, said Google's Fleischer, who has his own theory on why Google is being singled out.
"Very early on, we expressed a commitment to work with data privacy officials constructively," Fleischer said. "I think they thought, let's start engaging with Google, a leader in the search industry, then we might turn to the other companies."
Google to let data expire
Google search sessions are recorded on company servers
In addition, Google announced in March that it would anonymize its server logs after 18 to 24 months. That means that once a user's data has been on Google's servers for up to two years, it will be automatically stripped of any details that could be used to identify a person.
Although Google employees like to cite philosophical motives for their company's actions, Deputy Commissioner Bizer said the decision has a more probable economic cause.
"Google is afraid of the public debate," Bizer said, adding that "this is why the Article 29 group's open letter was so effective" in compelling Google to work with them.
But Fleischer vehemently denied this. The Google approach is different, he said.
"We believe there needs to be robust public debate on this issue. Google has never shied away from controversial topics," Fleischer said, citing a 2005 incident in which the US Department of Justice ordered Google to release its server logs to law enforcement. Google resisted, and a compromise was reached in court.
Fleischer said he intends to deliver an appropriate response to the EU data protection panel before their June 19 meeting in Brussels. He also said he would publish his own letter on the Google blog -- because "Google is committed to being transparent to users and shareholders," he said.
"The Net is an exciting place with many lively debates and that's the world we're living in," he said.